
<?php
namespace Chill\CalendarBundle\Security\Voter;
use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Security;
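/**
 * Voter for the CHILL_CALENDAR_CALENDAR_SEE attribute on AccompanyingPeriod subjects.
 *
 * The role is exposed under the "Calendar" group through
 * ProvideRoleHierarchyInterface. The access decision itself is derived from
 * the period's step and from the AccompanyingPeriodVoter::SEE permission.
 */
class CalendarVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{
    public const SEE = 'CHILL_CALENDAR_CALENDAR_SEE';

    private Security $security;

    private VoterHelperInterface $voterHelper;

    /**
     * Builds the voter helper, registering self::SEE as the only attribute
     * checked for AccompanyingPeriod subjects.
     */
    public function __construct(
        Security $security,
        VoterHelperFactoryInterface $voterHelperFactory
    ) {
        $this->security = $security;
        $this->voterHelper = $voterHelperFactory
            ->generate(self::class)
            ->addCheckFor(AccompanyingPeriod::class, [self::SEE])
            ->build();
    }

    /**
     * Returns the roles of this voter grouped under the "Calendar" key.
     *
     * @return array<string, string[]>
     */
    public function getRolesWithHierarchy(): array
    {
        return ['Calendar' => $this->getRoles()];
    }

    /**
     * Returns every role declared by this voter.
     *
     * @return string[]
     */
    public function getRoles(): array
    {
        return [
            self::SEE,
        ];
    }

    /**
     * Returns an empty list: this voter declares no role without scope.
     *
     * @return string[]
     */
    public function getRolesWithoutScope(): array
    {
        return [];
    }

    /**
     * Delegates the "is this attribute/subject pair handled here" question to
     * the voter helper configured in the constructor.
     *
     * @param mixed $attribute attribute being voted on
     * @param mixed $subject   subject being voted on
     */
    protected function supports($attribute, $subject): bool
    {
        return $this->voterHelper->supports($attribute, $subject);
    }

    /**
     * Decides whether access is granted for a supported attribute/subject pair.
     *
     * For self::SEE on an AccompanyingPeriod: a period in the draft step is
     * always denied; otherwise the result is whatever
     * AccompanyingPeriodVoter::SEE yields for the same period.
     *
     * NOTE(review): the outcome depends only on the period's step and on
     * AccompanyingPeriodVoter::SEE. $this->voterHelper is consulted in
     * supports() but not here, and $token is unused, so whether the user
     * holds self::SEE is not checked in this method. Confirm that is intended.
     *
     * @param mixed $attribute attribute being voted on; compared against self::SEE
     * @param mixed $subject   subject being voted on
     *
     * @throws \LogicException when the subject or the attribute is not handled
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        // Throwing instead of returning a vote means an unexpected subject or
        // attribute can never end up granted by this method.
        if (!$subject instanceof AccompanyingPeriod) {
            throw new \LogicException('subject not implemented');
        }

        switch ($attribute) {
            case self::SEE:
                // Draft periods are denied before any permission lookup.
                if ($subject->getStep() === AccompanyingPeriod::STEP_DRAFT) {
                    return false;
                }

                // Access follows the user's read permission on the period itself.
                return $this->security->isGranted(AccompanyingPeriodVoter::SEE, $subject);

            default:
                throw new \LogicException('attribute not implemented');
        }
    }
}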